All posts by Chinmoy Kanjilal

Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at Techarraz.com. You can connect with him on Twitter @ckandroid.

If you have followed Ubuntu closely over the last two years, you will notice how it grew rapidly from being a simple Linux distro for the desktop to a full-fledged user experience across multiple devices: television, smartphones, tablets and PCs. This is highly commendable, and this evolution has been made possible by the combined efforts of Canonical and the developer community of Ubuntu. However, as it happens with any large project, some Ubuntu developers are averse to this idea of transforming Ubuntu into a cloud-based multi-device platform.

In a reply to those developers, Mark Shuttleworth has talked about the position of Canonical in the development of Ubuntu. Mark Shuttleworth believes that cloud and mobile have a bright future and will make a bigger impact. Ubuntu needs to gear up for that, and that is the reason that they have focused on this multi-platform strategy. Ubuntu is being made future-proof in this manner.

He has also declared that while Ubuntu is a community effort (and will always be), Canonical plays a major role in this project and nurtures it like a baby.

There are lots of pure community distros. And wow, they are full of politics, spite, frustration, venality and disappointment. Why? Because people are people, and work is hard, and collaboration is even harder. That’s nothing to do with Canonical, and everything to do with life. In fact, in most of the pure-community projects I’ve watched and participated in, the biggest meme is ‘if only we had someone that could do the heavy lifting’. Ubuntu has that in Canonical – and the combination of our joint efforts has become the most popular platform for Linux fans.

Undoubtedly, Canonical’s role in Ubuntu is that of a visionary leader. Canonical has based a business around this product, so it has a vested interest in the Ubuntu project too. That is the reason why Canonical has always played a leadership role in the Ubuntu project and it has done a good job at it. However, there is a high probability that this attitude of Mark Shuttleworth (whose thoughts reflect those of Canonical) can actually spark politics, spite, frustration, venality and disappointment in the Ubuntu community, turning it into one of those projects that he so strongly detests, as seen above.

If you spent the last few years of your life worrying about various Adobe PDF exploits, it is time for some fresh news. Java is overtaking Adobe products in the exploits category, and a recent Java digital signature exploit takes things even further in the threat arena. Cybercriminals have started using flaws in Java digital certificate checks to run their malicious code through web browsers. The misbehaving application is usually signed with a trusted certificate, making it impossible to spot any malicious behavior at first glance.

A similar signed and infected application was found on the website of Chemnitz University of Technology in Germany. The application was signed with a known Web-exploit toolkit called g01pack, which was probably developed by the Iranian Cyber Army. The first sample of the attack was discovered on Feb 28.

Java 7 brought a new awesome feature called Security Control to the table. With update 11 of Java 7, the security level was set to high, requiring users to approve running an applet irrespective of whether it was signed or not. However, unsigned applications showed a clear security warning, whereas signed applications simply showed a confirmation dialog, though with the same call to action. In the case of this malicious application too, the warning dialog was that of a signed application. However, on closer manual inspection, it was seen that the application was signed with a certificate that was revoked in December last year. Clearly, Java does not check for revoked certificates by default.
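The gap described above, reproduced with OpenSSL instead of Java's validator as an added example (not code from the original post): `openssl verify` also skips revocation unless asked, so the same revoked certificate passes a chain-only check and fails once the CRL is consulted. The CA, the signer name and all file names are constructed for the demo.

```bash
# Constructed demo PKI: throwaway CA, one signer certificate, later revoked.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
build_pki() (
  cd "$WORK"
  mkdir newcerts; : > index.txt; echo 01 > serial
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
new_certs_dir = newcerts
serial = serial
default_md = sha256
default_days = 30
default_crl_days = 30
policy = anything
[ anything ]
commonName = supplied
EOF
  ca="-config ca.cnf -cert ca.pem -keyfile ca.key"
  {
    openssl req -config ca.cnf -x509 -newkey rsa:2048 -nodes \
      -subj "/CN=Demo Root CA" -keyout ca.key -out ca.pem
    openssl req -config ca.cnf -new -newkey rsa:2048 -nodes \
      -subj "/CN=Demo Applet Signer" -keyout signer.key -out signer.csr
    openssl ca -batch -notext $ca -in signer.csr -out signer.pem
    # The CA revokes the signer certificate and publishes a fresh CRL.
    openssl ca $ca -revoke signer.pem
    openssl ca $ca -gencrl -out ca.crl
  } >/dev/null 2>&1
)

# Chain and signature only; revocation status is never consulted.
check_chain_only() {
  if openssl verify -CAfile "$WORK/ca.pem" "$WORK/signer.pem" >/dev/null 2>&1
  then echo accepted; else echo rejected; fi
}
# Same chain, but the certificate must also be absent from the CA's CRL.
check_with_crl() {
  if openssl verify -CAfile "$WORK/ca.pem" -crl_check -CRLfile "$WORK/ca.crl" \
    "$WORK/signer.pem" >/dev/null 2>&1
  then echo accepted; else echo rejected; fi
}
build_pki
echo "chain only:  $(check_chain_only)"
echo "CRL checked: $(check_with_crl)"
```

The signature on the certificate is still mathematically valid after revocation, which is why only the second check catches it.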

Stuxnet has been troubling the world of cyber-security for over two years now. It is the most sophisticated worm ever written, and has been tailored to attack particular infrastructures, making it the deadliest cyber-weapon of the early 20th century. Now that it has been discovered and studied thoroughly (thanks to Symantec), many interesting facts have come to light, which will help deal with such attacks in the future. However, the more people try to understand Stuxnet, the more it surprises them.

Recently, the earliest version of Stuxnet was discovered and christened Stuxnet 0.5. Stuxnet 0.5 reveals the evolution of this dreaded worm over the years. While still aimed at nuclear power plant infrastructures, Stuxnet 0.5 had a different behavior altogether. Help Net Security writes,

Unlike Stuxnet versions 1.x that disrupted the functioning of the uranium enrichment plant by making centrifuges spin too fast or too slow, this one was meant to do so by closing valves.

Apparently, Stuxnet 0.5 did not meet the developer’s expectations (or perhaps ambitions), and it was developed further to attack centrifuges. However, the development frameworks used in the two versions were different: Flamer for version 0.5 and Tilded for version 1.x, suggesting that a different set of developers was involved in each version. Moreover, Stuxnet 0.5 was not designed to spread efficiently either. However, the most interesting part of the code was the one that stopped Stuxnet 0.5 from contacting its command and control center from January 11, 2009 onward, and from functioning altogether beyond July 4, 2009.

When it comes to next-gen tech, Google clearly has the lead with its Glass project. Google Glass might be premature for its own time, but it is creating a visible impact in the market, as more companies are getting serious about virtual reality. While Glass has a more social and augmented-reality based use case, other companies like Oculus Rift are focusing on a niche market like gaming. The next revolution in consumer devices is coming in the form of virtual reality, and Canon Inc., the imaging expert is joining this race.

Canon is working on a virtual reality device called the Canon MReal. It combines Canon’s excellent imaging technology with the awesomeness of virtual reality to give us a mixed reality environment. The MReal device has a head-mounted display that is fed with a processed video for the wearer to see. There is a camera in front of each eye, which captures live video. A computer, assisted by a number of sensors, combines that video with computer-generated visuals in real time and puts the result back on the screen for the wearer to see.

Google Glass, Oculus Rift and the Canon MReal are all trying to capture different markets. However, all three are working separately on virtual reality. While the Oculus Rift has the advantage of being super affordable, Google Glass has the awesome Google infrastructure powering it. So, what does Canon MReal have to offer? At a price tag of $125,000, the MReal is not affordable, neither is it a consumer device. It has been showcased as a mixed reality environment creator, which needs a definite predefined behavior from the existing environment. Clearly, this is less of a Google Glass competitor and more of an industrial virtual-reality toy.

Google is playing a big bet with its Glass project. It is pitching Glass aggressively, and everyone’s attention is fixated on this one project; so much that it can easily be called the biggest thing that Google is working on right now. It would be sad if the project’s peak moment at Google were timed poorly in the context of the consumer electronics market. However, the very fact that it has aroused an interest elsewhere is a good indicator. Google is going beyond cellphones and is taking a lead in the consumer electronics sector for the first time, and as we can see, it seems like it is working great for them.

After the desktop PC, the television and the smartphone, Ubuntu has finally landed on the last content consumption device out there- the tablet. Canonical has recently teased its Ubuntu for tablet, and it is a marvelous piece of technology. It brings the seamless Ubuntu user experience to a touch interface, which makes the interface much more relevant and fun to use. Some additional features have also been built on top of the conventional Ubuntu interface, which are specific to a tablet interface, giving Ubuntu for tablets a fresh look and feel.

Ubuntu for tablets comes with a Unity-like app launcher sidebar, and a side stage that holds social updates and other apps that need your action. This makes optimal use of the screen real estate. You can drag content between apps, and your app launcher sidebar doubles up as an app switcher, making it easier to multitask. However, the best feature of Ubuntu for tablets would undoubtedly be the non-intrusive notification that allows you to stay in your app while watching that video or reading that article, and yet respond to a message or send out a tweet, like Android notifications but enhanced.

This video demonstrates the capabilities of Ubuntu for tablets and also talks about a seamless Ubuntu experience across multiple devices — the smartphone, the tablet, the PC and the television.

Although Canonical is not talking about any hardware partners yet, it has mentioned hardware specs like an A15 processor, a 2 GB RAM and an 8 GB hard disk, which definitely rules out some devices. The first appearance of Ubuntu for tablet is due this Thursday, and it is arriving on the Nexus 7 and Nexus 10 tablets as a Developer Preview. Apart from that, it will also be available on the Galaxy Nexus and the Nexus 4 smartphones.

It is clear that Ubuntu for tablets and smartphones is trying to grab Android’s market share, as the partner page says things like,

Without the overhead of a Java virtual machine, Ubuntu runs core software at native speeds giving you fast, fluid transitions and a responsive design – even on low-end devices.

If you already make devices that run Android, the work to adopt Ubuntu will be minimal.

The response from this Thursday will be a deciding factor for whether Ubuntu for tablets and smartphones will gain momentum.

Over the last few years, we have seen a number of exploits and vulnerabilities in Java. Oracle released Java 6 update 39 earlier this month fixing several security bugs. This was probably the last security update for Java 6, as Oracle had said earlier that there would be no security updates for Java 6 after February. However, you will be surprised to know that there are some top-notch organizations that still ask you to install age-old versions of Java.

Sitebuilder, from Yahoo!, is one such tool. Sitebuilder can be used to whip up really simple websites within a few minutes. It is not the kind of tool developers would boast of, and I do not know anyone who uses it. However, the tool very much exists, and is distributed by Yahoo!. Most of us would not care about using it, but there are people who would want to skip the technical knowhow and just get the website out.

Here comes the interesting part: Yahoo Sitebuilder comes with Java 6 update 7, which came out back in the summer of 2008. That version of Java is severely flawed and outdated. The Sitebuilder tool cannot be blamed either, as it talks about support for Windows Vista at best, which makes it look like no one at Yahoo! cares about Sitebuilder either! However, what is of importance is that Sitebuilder is being distributed by Yahoo!, and given the number of hacks and malware Java is attracting lately, Yahoo! should take care of this and thus prevent the spreading of Java vulnerabilities.

The Pirate Bay – Away From Keyboard (TPB-AFK), the documentary about The Pirate Bay (TPB), and its founders Gottfrid Svartholm Warg (Anakata), Fredrik Neij and Peter Sunde (brokep), was released a few hours back. It took over four years to complete and tells the story of the lives of the founders of TPB. The movie was released online and also featured at the Berlin International Film Festival this year. The film has been made by Swedish filmmaker and producer Simon Klose, who followed and documented the court cases involving TPB.

Currently, Anakata is serving a prison sentence after being arrested in Cambodia and Peter and Fredrik are wanted. The case also included the CEO of TPB Carl Lundström, and all four of them were sentenced to one year in prison each and were ordered to pay damages of USD 3,620,000 in total. Although Carl Lundström’s prison sentence was reduced to four months, which is over now, he had to pay additional damage charges.

The title “Away From Keyboard” is symbolic of the harsh realities of life away from the keyboard where the Pirate Bay trio would face a court trial away from their online lives. Cases like these push the boundaries of reality and make us wonder just how orthodox and stagnant the media industry is, when it comes to copyright. This movie lays case for copyright reforms.

The full documentary is available on YouTube and it is released under a Creative Commons License.

Additionally, there is a crowdfunding page for the movie at the official website. If this movie interests you, there are two more documentary films called Steal This Film (2007) and Good Copy Bad Copy (2007), which feature the police raids on The Pirate Bay.

MS Research and the UN have planned to undertake the massive task of simulating the ecosystem of the entire world. The plan has been revealed in a recent Nature article titled “Ecosystems: Time to model all life on Earth”. The article is behind a paywall, but for those who can access it, the link goes here. Work on this project has been undertaken at the World Conservation Monitoring Center (WCMC) of the United Nations Environment Program (UNEP), and scientists from Microsoft Research and the WCMC are working together on this project.

The scientists working on this project specialize in biodiversity assessment, and claim that,

This type of model could radically improve our understanding of the biosphere and inform policy decisions about biodiversity and conservation.

As part of this project, the team of scientists will build General Ecosystem Models (GEMs), which will simulate environmental processes like reproduction, migration, death, and feeding. This will provide valuable statistical data to plan and design conservation efforts for the ecosystem. A similar class of models, called General Circulation Models (GCMs), is already in place and is used to simulate climate changes as well as oceanic changes across the world.

The project is focusing on development of a number of competitive and cooperative models instead of a single model. This will keep the development process competitive, and will create a number of simulations that can exchange ideas and improve over time.

Here is a short interview on Forest Dynamics by Drew Purves, who is also the head of the Computational Ecology and Environmental Science Group at Microsoft and a part of the GEMs project.

The long wait is finally over, as Kim Dotcom is back with his rejuvenated version of Megaupload. The new website is called Mega, and it was launched a few minutes ago. Mega comes with a bold tagline of “BIGGER. BETTER. FASTER. STRONGER. SAFER”, which sounds both appealing and challenging at the same time. The launch day also commemorates the Megaupload takedown, which affected Kim Dotcom’s personal life adversely. This launch has an undertone of revenge!

As a service, Mega is still in its beta stage. It boasts of being “The Privacy Company” and offers 50 GB of storage for free users, and strong encryption. With these features, it might give Google Drive, RapidShare, Dropbox and all other cloud storage solutions a tough competition.

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence. Everyone has the right to the protection of the law against such interference.

This reboot of Megaupload enforces 2048-bit RSA key encryption of all data stored on the Mega servers. They even have a fancy name for it — User Controlled Encryption (UCE). This solves two problems. The encrypted data cannot be sniffed by anyone without proper authorization, which will keep the user safe from prying eyes, as only his own key can be used to decrypt the data. Moreover, this will keep Kim Dotcom out of trouble because he cannot be held responsible for encrypted data stored on his servers.

There was a time when RIM could do no wrong. It enjoyed a dominating market share in North America, and enjoyed a massive cult status. With the advent of iOS and Android, things changed rapidly and the tables were turned on RIM. However, things are about to change now. RIM demoed its Blackberry 10 OS back in December last year, and people have been waiting for the January 30th launch of Blackberry 10 since the day Network World posted that awesome video.

As we get closer to the launch date, RIM has thrown in another surprise with its portathon event.

Alec Saunders, VP, Developer Relations at RIM was spotted tweeting,

Well there you have it. 37.5 hours in, we hit 15,000 apps for this portathon. Feel like I’ve run a marathon. Thanks to all the devs!

The portathon event was held in two parts, one where only Android developers were asked to port their apps to Blackberry 10, and another where apps written in Appcelerator, Marmalade, Sencha, jQuery, PhoneGap and Qt were to be ported. The total number of ported apps stood at 15,000 after 37.5 hours. RIM was also offering $100 for every successful porting and submission. Some might call that bribing, but RIM shares have reached a new high after the event, and this is a good sign.

RIM had to realize eventually that this is what people want from a phone, and after this move, there might just be a chance for RIM to make a strong comeback. Although Blackberry 10 might not bring new features to the table, an overhaul like this had become imminent for its survival.